Skip to main content

Search this Site

DartPulse Alerts

Chrome Printing Issues

 

DartPulse Outages

Overall System Status:

Upcoming Scheduled Outages

New to Dartmouth?

Resources for:

Information Security

Connect with ITS

facebook twitter Wordpress Blog

Kerberos for Mac

Kerberos authentication software enables Dartmouth service providers and system administrators to restrict access to those services where identification is required.

Kerberos authentication uses two software applications, SideCar and KClient. In order to use SideCar and KClient, you must have an entry in the Dartmouth Name Directory (DND), the Dartmouth Alumni Name Directory (dartmouth.org) or the Dartmouth-Hitchcock Name Directory. The databases control access to the network resources of each entity. If you have a BlitzMail account on one of these sites, your information is in one of these databases.

Also see:

Download Kerberos for Mac

If you have questions, contact the IT Service Desk (Help Desk) at 646-2999, send e-mail to help@Dartmouth.edu, or contact your department's IT support office.

Installing Kerberos on Mac OS X

  1. Download a copy of the Mac OS X Kerberos installer to your desktop. You can obtain the installer above.
  2. Double-click on the Kerberos installer file you just downloaded. Note: If you have a new computer running Mac OS 10.4, you will need to download and install StuffIt Expander to expand the Kerberos installer.
  3. Click Continue.
  4. When the installation has completed, restart your computer.

Note: This will not work on Macintosh computers with an Intel processor (most machines built after June 2006). You will need to use WebAuth link or PKI authentication, rather than Kerberos authentication, on those machines.

Customizing Kerberos Settings

Once the Kerberos software has been installed on your Macintosh computer, you can customize the settings by clicking on Kerberos, then Preferences. Note that the Kerberos application is usually found in the Applications-Utilities folder. Settings you can customize include:

  • The length of time a ticket stays open, under the Time Ranges tab.
  • Getting tickets that can be forwarded to another machine, under the Default Ticket Options tab.
  • Getting tickets without IP addresses (NAT mode), under the Default Ticket Options tab.
  • Getting tickets that can be renewed for a certain number of days, under the Default Ticket Options tab.

On a single user computer, we recommend you leave these options at their default settings.

On a shared computer (such as one in a lab or public cluster), we recommend you shorten the lifetime of the ticket. That way, if you forget to clear your ticket, it won't remain open for several hours.

Clearing a Kerberos Ticket

To clear, or invalidate, a Kerberos ticket:

  • Open the Kerberos application (usually found in the Applications->Utilities folder), highlight the name of the Kerberos "ticket," then click on the Destroy button. Then quit Kerberos.

You can now walk away from the computer knowing that the next person to use it can't impersonate you by using your open Kerberos ticket.

Last Updated: 9/24/10